xref: /freebsd/sys/security/mac_stub/mac_stub.c (revision 403b781e2d6f3a7f02959ab42f51b5e4f0c7743e)
1d8a7b7a3SRobert Watson /*-
2f6a41092SRobert Watson  * Copyright (c) 1999-2002 Robert N. M. Watson
3ba53d9c9SRobert Watson  * Copyright (c) 2001-2005 McAfee, Inc.
46758f88eSRobert Watson  * Copyright (c) 2005 SPARTA, Inc.
5d8a7b7a3SRobert Watson  * All rights reserved.
6d8a7b7a3SRobert Watson  *
7d8a7b7a3SRobert Watson  * This software was developed by Robert Watson for the TrustedBSD Project.
8d8a7b7a3SRobert Watson  *
9ba53d9c9SRobert Watson  * This software was developed for the FreeBSD Project in part by McAfee
10ba53d9c9SRobert Watson  * Research, the Security Research Division of McAfee, Inc. under
11ba53d9c9SRobert Watson  * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
12ba53d9c9SRobert Watson  * CHATS research program.
13d8a7b7a3SRobert Watson  *
146758f88eSRobert Watson  * This software was enhanced by SPARTA ISSO under SPAWAR contract
156758f88eSRobert Watson  * N66001-04-C-6019 ("SEFOS").
166758f88eSRobert Watson  *
17d8a7b7a3SRobert Watson  * Redistribution and use in source and binary forms, with or without
18d8a7b7a3SRobert Watson  * modification, are permitted provided that the following conditions
19d8a7b7a3SRobert Watson  * are met:
20d8a7b7a3SRobert Watson  * 1. Redistributions of source code must retain the above copyright
21d8a7b7a3SRobert Watson  *    notice, this list of conditions and the following disclaimer.
22d8a7b7a3SRobert Watson  * 2. Redistributions in binary form must reproduce the above copyright
23d8a7b7a3SRobert Watson  *    notice, this list of conditions and the following disclaimer in the
24d8a7b7a3SRobert Watson  *    documentation and/or other materials provided with the distribution.
25d8a7b7a3SRobert Watson  *
26d8a7b7a3SRobert Watson  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27d8a7b7a3SRobert Watson  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28d8a7b7a3SRobert Watson  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29d8a7b7a3SRobert Watson  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30d8a7b7a3SRobert Watson  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31d8a7b7a3SRobert Watson  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32d8a7b7a3SRobert Watson  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33d8a7b7a3SRobert Watson  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34d8a7b7a3SRobert Watson  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35d8a7b7a3SRobert Watson  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36d8a7b7a3SRobert Watson  * SUCH DAMAGE.
37d8a7b7a3SRobert Watson  *
38d8a7b7a3SRobert Watson  * $FreeBSD$
39d8a7b7a3SRobert Watson  */
40d8a7b7a3SRobert Watson 
41d8a7b7a3SRobert Watson /*
42d8a7b7a3SRobert Watson  * Developed by the TrustedBSD Project.
431c3f91cdSRobert Watson  *
441c3f91cdSRobert Watson  * Stub module that implements a NOOP for most (if not all) MAC Framework
451c3f91cdSRobert Watson  * policy entry points.
46d8a7b7a3SRobert Watson  */
47d8a7b7a3SRobert Watson 
48d8a7b7a3SRobert Watson #include <sys/types.h>
49d8a7b7a3SRobert Watson #include <sys/param.h>
50d8a7b7a3SRobert Watson #include <sys/acl.h>
51d8a7b7a3SRobert Watson #include <sys/conf.h>
52763bbd2fSRobert Watson #include <sys/extattr.h>
53d8a7b7a3SRobert Watson #include <sys/kernel.h>
54d8a7b7a3SRobert Watson #include <sys/mac.h>
55d8a7b7a3SRobert Watson #include <sys/mount.h>
56d8a7b7a3SRobert Watson #include <sys/proc.h>
57d8a7b7a3SRobert Watson #include <sys/systm.h>
58d8a7b7a3SRobert Watson #include <sys/sysproto.h>
59d8a7b7a3SRobert Watson #include <sys/sysent.h>
60d8a7b7a3SRobert Watson #include <sys/vnode.h>
61d8a7b7a3SRobert Watson #include <sys/file.h>
62d8a7b7a3SRobert Watson #include <sys/socket.h>
63d8a7b7a3SRobert Watson #include <sys/socketvar.h>
64d8a7b7a3SRobert Watson #include <sys/pipe.h>
6536422989SPoul-Henning Kamp #include <sys/sx.h>
66d8a7b7a3SRobert Watson #include <sys/sysctl.h>
67ba53d9c9SRobert Watson #include <sys/msg.h>
68ba53d9c9SRobert Watson #include <sys/sem.h>
69ba53d9c9SRobert Watson #include <sys/shm.h>
70d8a7b7a3SRobert Watson 
7152648411SRobert Watson #include <posix4/ksem.h>
7252648411SRobert Watson 
73d8a7b7a3SRobert Watson #include <fs/devfs/devfs.h>
74d8a7b7a3SRobert Watson 
75d8a7b7a3SRobert Watson #include <net/bpfdesc.h>
76d8a7b7a3SRobert Watson #include <net/if.h>
77d8a7b7a3SRobert Watson #include <net/if_types.h>
78d8a7b7a3SRobert Watson #include <net/if_var.h>
79d8a7b7a3SRobert Watson 
80d8a7b7a3SRobert Watson #include <netinet/in.h>
81a557af22SRobert Watson #include <netinet/in_pcb.h>
82d8a7b7a3SRobert Watson #include <netinet/ip_var.h>
83d8a7b7a3SRobert Watson 
84d8a7b7a3SRobert Watson #include <vm/vm.h>
85d8a7b7a3SRobert Watson 
86d8a7b7a3SRobert Watson #include <sys/mac_policy.h>
87d8a7b7a3SRobert Watson 
88d8a7b7a3SRobert Watson SYSCTL_DECL(_security_mac);
89d8a7b7a3SRobert Watson 
901c3f91cdSRobert Watson SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW, 0,
911c3f91cdSRobert Watson     "TrustedBSD mac_stub policy controls");
92d8a7b7a3SRobert Watson 
931c3f91cdSRobert Watson static int	stub_enabled = 1;
941c3f91cdSRobert Watson SYSCTL_INT(_security_mac_stub, OID_AUTO, enabled, CTLFLAG_RW,
951c3f91cdSRobert Watson     &stub_enabled, 0, "Enforce mac_stub policy");
96d8a7b7a3SRobert Watson 
97d8a7b7a3SRobert Watson /*
98d8a7b7a3SRobert Watson  * Policy module operations.
99d8a7b7a3SRobert Watson  */
100d8a7b7a3SRobert Watson static void
1011c3f91cdSRobert Watson stub_destroy(struct mac_policy_conf *conf)
102d8a7b7a3SRobert Watson {
103d8a7b7a3SRobert Watson 
104d8a7b7a3SRobert Watson }
105d8a7b7a3SRobert Watson 
106d8a7b7a3SRobert Watson static void
1071c3f91cdSRobert Watson stub_init(struct mac_policy_conf *conf)
108d8a7b7a3SRobert Watson {
109d8a7b7a3SRobert Watson 
110d8a7b7a3SRobert Watson }
111d8a7b7a3SRobert Watson 
1128a97ecf6SRobert Watson static int
1131c3f91cdSRobert Watson stub_syscall(struct thread *td, int call, void *arg)
1148a97ecf6SRobert Watson {
1158a97ecf6SRobert Watson 
1168a97ecf6SRobert Watson 	return (0);
1178a97ecf6SRobert Watson }
1188a97ecf6SRobert Watson 
119d8a7b7a3SRobert Watson /*
120d8a7b7a3SRobert Watson  * Label operations.
121d8a7b7a3SRobert Watson  */
122d8a7b7a3SRobert Watson static void
1231c3f91cdSRobert Watson stub_init_label(struct label *label)
124d8a7b7a3SRobert Watson {
125d8a7b7a3SRobert Watson 
126d8a7b7a3SRobert Watson }
127d8a7b7a3SRobert Watson 
128d8a7b7a3SRobert Watson static int
1291c3f91cdSRobert Watson stub_init_label_waitcheck(struct label *label, int flag)
130d8a7b7a3SRobert Watson {
131d8a7b7a3SRobert Watson 
132d8a7b7a3SRobert Watson 	return (0);
133d8a7b7a3SRobert Watson }
134d8a7b7a3SRobert Watson 
135d8a7b7a3SRobert Watson static void
1361c3f91cdSRobert Watson stub_destroy_label(struct label *label)
137d8a7b7a3SRobert Watson {
138d8a7b7a3SRobert Watson 
139d8a7b7a3SRobert Watson }
140d8a7b7a3SRobert Watson 
1410196273bSRobert Watson static void
1420196273bSRobert Watson stub_copy_label(struct label *src, struct label *dest)
1430196273bSRobert Watson {
1440196273bSRobert Watson 
1450196273bSRobert Watson }
1460196273bSRobert Watson 
147d8a7b7a3SRobert Watson static int
1481c3f91cdSRobert Watson stub_externalize_label(struct label *label, char *element_name,
149f51e5803SRobert Watson     struct sbuf *sb, int *claimed)
150d8a7b7a3SRobert Watson {
151d8a7b7a3SRobert Watson 
152d8a7b7a3SRobert Watson 	return (0);
153d8a7b7a3SRobert Watson }
154d8a7b7a3SRobert Watson 
155d8a7b7a3SRobert Watson static int
1561c3f91cdSRobert Watson stub_internalize_label(struct label *label, char *element_name,
15724e8d0d0SRobert Watson     char *element_data, int *claimed)
158d8a7b7a3SRobert Watson {
159d8a7b7a3SRobert Watson 
160d8a7b7a3SRobert Watson 	return (0);
161d8a7b7a3SRobert Watson }
162d8a7b7a3SRobert Watson 
163d8a7b7a3SRobert Watson /*
164d8a7b7a3SRobert Watson  * Labeling event operations: file system objects, and things that look
165d8a7b7a3SRobert Watson  * a lot like file system objects.
166d8a7b7a3SRobert Watson  */
167d8a7b7a3SRobert Watson static void
1681c3f91cdSRobert Watson stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
169763bbd2fSRobert Watson     struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
170763bbd2fSRobert Watson     struct label *vlabel)
171763bbd2fSRobert Watson {
172763bbd2fSRobert Watson 
173763bbd2fSRobert Watson }
174763bbd2fSRobert Watson 
175763bbd2fSRobert Watson static int
1761c3f91cdSRobert Watson stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
177763bbd2fSRobert Watson     struct vnode *vp, struct label *vlabel)
178763bbd2fSRobert Watson {
179763bbd2fSRobert Watson 
180763bbd2fSRobert Watson 	return (0);
181763bbd2fSRobert Watson }
182763bbd2fSRobert Watson 
183763bbd2fSRobert Watson static void
1841c3f91cdSRobert Watson stub_associate_vnode_singlelabel(struct mount *mp,
185763bbd2fSRobert Watson     struct label *fslabel, struct vnode *vp, struct label *vlabel)
186763bbd2fSRobert Watson {
187763bbd2fSRobert Watson 
188763bbd2fSRobert Watson }
189763bbd2fSRobert Watson 
190763bbd2fSRobert Watson static void
191d26dd2d9SRobert Watson stub_create_devfs_device(struct ucred *cred, struct mount *mp,
192d26dd2d9SRobert Watson     struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
193eea8ea31SRobert Watson {
194eea8ea31SRobert Watson 
195eea8ea31SRobert Watson }
196eea8ea31SRobert Watson 
197eea8ea31SRobert Watson static void
1981c3f91cdSRobert Watson stub_create_devfs_directory(struct mount *mp, char *dirname,
199990b4b2dSRobert Watson     int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
200990b4b2dSRobert Watson {
201990b4b2dSRobert Watson 
202990b4b2dSRobert Watson }
203990b4b2dSRobert Watson 
204990b4b2dSRobert Watson static void
2051c3f91cdSRobert Watson stub_create_devfs_symlink(struct ucred *cred, struct mount *mp,
206990b4b2dSRobert Watson     struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
207990b4b2dSRobert Watson     struct label *delabel)
208d8a7b7a3SRobert Watson {
209d8a7b7a3SRobert Watson 
210d8a7b7a3SRobert Watson }
211d8a7b7a3SRobert Watson 
212763bbd2fSRobert Watson static int
2131c3f91cdSRobert Watson stub_create_vnode_extattr(struct ucred *cred, struct mount *mp,
214763bbd2fSRobert Watson     struct label *fslabel, struct vnode *dvp, struct label *dlabel,
215763bbd2fSRobert Watson     struct vnode *vp, struct label *vlabel, struct componentname *cnp)
216d8a7b7a3SRobert Watson {
217d8a7b7a3SRobert Watson 
218763bbd2fSRobert Watson 	return (0);
219d8a7b7a3SRobert Watson }
220d8a7b7a3SRobert Watson 
221d8a7b7a3SRobert Watson static void
2221c3f91cdSRobert Watson stub_create_mount(struct ucred *cred, struct mount *mp,
223d8a7b7a3SRobert Watson     struct label *mntlabel, struct label *fslabel)
224d8a7b7a3SRobert Watson {
225d8a7b7a3SRobert Watson 
226d8a7b7a3SRobert Watson }
227d8a7b7a3SRobert Watson 
228d8a7b7a3SRobert Watson static void
2291c3f91cdSRobert Watson stub_relabel_vnode(struct ucred *cred, struct vnode *vp,
230d8a7b7a3SRobert Watson     struct label *vnodelabel, struct label *label)
231d8a7b7a3SRobert Watson {
232d8a7b7a3SRobert Watson 
233d8a7b7a3SRobert Watson }
234d8a7b7a3SRobert Watson 
235d8a7b7a3SRobert Watson static int
2361c3f91cdSRobert Watson stub_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
237763bbd2fSRobert Watson     struct label *vlabel, struct label *intlabel)
238d8a7b7a3SRobert Watson {
239d8a7b7a3SRobert Watson 
240d8a7b7a3SRobert Watson 	return (0);
241d8a7b7a3SRobert Watson }
242d8a7b7a3SRobert Watson 
243d8a7b7a3SRobert Watson static void
2441c3f91cdSRobert Watson stub_update_devfsdirent(struct mount *mp,
245990b4b2dSRobert Watson     struct devfs_dirent *devfs_dirent, struct label *direntlabel,
246990b4b2dSRobert Watson     struct vnode *vp, struct label *vnodelabel)
247d8a7b7a3SRobert Watson {
248d8a7b7a3SRobert Watson 
249d8a7b7a3SRobert Watson }
250d8a7b7a3SRobert Watson 
251d8a7b7a3SRobert Watson /*
252d8a7b7a3SRobert Watson  * Labeling event operations: IPC object.
253d8a7b7a3SRobert Watson  */
254d8a7b7a3SRobert Watson static void
2551c3f91cdSRobert Watson stub_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
256d8a7b7a3SRobert Watson     struct mbuf *m, struct label *mbuflabel)
257d8a7b7a3SRobert Watson {
258d8a7b7a3SRobert Watson 
259d8a7b7a3SRobert Watson }
260d8a7b7a3SRobert Watson 
261d8a7b7a3SRobert Watson static void
2621c3f91cdSRobert Watson stub_create_socket(struct ucred *cred, struct socket *socket,
263d8a7b7a3SRobert Watson     struct label *socketlabel)
264d8a7b7a3SRobert Watson {
265d8a7b7a3SRobert Watson 
266d8a7b7a3SRobert Watson }
267d8a7b7a3SRobert Watson 
268d8a7b7a3SRobert Watson static void
26991c2dc94SRobert Watson stub_create_pipe(struct ucred *cred, struct pipepair *pp,
270d8a7b7a3SRobert Watson     struct label *pipelabel)
271d8a7b7a3SRobert Watson {
272d8a7b7a3SRobert Watson 
273d8a7b7a3SRobert Watson }
274d8a7b7a3SRobert Watson 
275d8a7b7a3SRobert Watson static void
27652648411SRobert Watson stub_create_posix_sem(struct ucred *cred, struct ksem *ksemptr,
27752648411SRobert Watson     struct label *ks_label)
27852648411SRobert Watson {
27952648411SRobert Watson 
28052648411SRobert Watson }
28152648411SRobert Watson 
28252648411SRobert Watson static void
2831c3f91cdSRobert Watson stub_create_socket_from_socket(struct socket *oldsocket,
284d8a7b7a3SRobert Watson     struct label *oldsocketlabel, struct socket *newsocket,
285d8a7b7a3SRobert Watson     struct label *newsocketlabel)
286d8a7b7a3SRobert Watson {
287d8a7b7a3SRobert Watson 
288d8a7b7a3SRobert Watson }
289d8a7b7a3SRobert Watson 
290d8a7b7a3SRobert Watson static void
2911c3f91cdSRobert Watson stub_relabel_socket(struct ucred *cred, struct socket *socket,
292d8a7b7a3SRobert Watson     struct label *socketlabel, struct label *newlabel)
293d8a7b7a3SRobert Watson {
294d8a7b7a3SRobert Watson 
295d8a7b7a3SRobert Watson }
296d8a7b7a3SRobert Watson 
297d8a7b7a3SRobert Watson static void
29891c2dc94SRobert Watson stub_relabel_pipe(struct ucred *cred, struct pipepair *pp,
299d8a7b7a3SRobert Watson     struct label *pipelabel, struct label *newlabel)
300d8a7b7a3SRobert Watson {
301d8a7b7a3SRobert Watson 
302d8a7b7a3SRobert Watson }
303d8a7b7a3SRobert Watson 
304d8a7b7a3SRobert Watson static void
3051c3f91cdSRobert Watson stub_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
306d8a7b7a3SRobert Watson     struct socket *socket, struct label *socketpeerlabel)
307d8a7b7a3SRobert Watson {
308d8a7b7a3SRobert Watson 
309d8a7b7a3SRobert Watson }
310d8a7b7a3SRobert Watson 
311d8a7b7a3SRobert Watson static void
3121c3f91cdSRobert Watson stub_set_socket_peer_from_socket(struct socket *oldsocket,
313d8a7b7a3SRobert Watson     struct label *oldsocketlabel, struct socket *newsocket,
314d8a7b7a3SRobert Watson     struct label *newsocketpeerlabel)
315d8a7b7a3SRobert Watson {
316d8a7b7a3SRobert Watson 
317d8a7b7a3SRobert Watson }
318d8a7b7a3SRobert Watson 
319d8a7b7a3SRobert Watson /*
320d8a7b7a3SRobert Watson  * Labeling event operations: network objects.
321d8a7b7a3SRobert Watson  */
322d8a7b7a3SRobert Watson static void
3231c3f91cdSRobert Watson stub_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
324d8a7b7a3SRobert Watson     struct label *bpflabel)
325d8a7b7a3SRobert Watson {
326d8a7b7a3SRobert Watson 
327d8a7b7a3SRobert Watson }
328d8a7b7a3SRobert Watson 
329d8a7b7a3SRobert Watson static void
3301c3f91cdSRobert Watson stub_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
331d8a7b7a3SRobert Watson     struct mbuf *datagram, struct label *datagramlabel)
332d8a7b7a3SRobert Watson {
333d8a7b7a3SRobert Watson 
334d8a7b7a3SRobert Watson }
335d8a7b7a3SRobert Watson 
336d8a7b7a3SRobert Watson static void
3371c3f91cdSRobert Watson stub_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
338d8a7b7a3SRobert Watson     struct mbuf *fragment, struct label *fragmentlabel)
339d8a7b7a3SRobert Watson {
340d8a7b7a3SRobert Watson 
341d8a7b7a3SRobert Watson }
342d8a7b7a3SRobert Watson 
343d8a7b7a3SRobert Watson static void
3441c3f91cdSRobert Watson stub_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
345d8a7b7a3SRobert Watson {
346d8a7b7a3SRobert Watson 
347d8a7b7a3SRobert Watson }
348d8a7b7a3SRobert Watson 
349d8a7b7a3SRobert Watson static void
350a557af22SRobert Watson stub_create_inpcb_from_socket(struct socket *so, struct label *solabel,
351a557af22SRobert Watson     struct inpcb *inp, struct label *inplabel)
352a557af22SRobert Watson {
353a557af22SRobert Watson 
354a557af22SRobert Watson }
355a557af22SRobert Watson 
356a557af22SRobert Watson static void
357ba53d9c9SRobert Watson stub_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
358ba53d9c9SRobert Watson     struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
359ba53d9c9SRobert Watson {
360ba53d9c9SRobert Watson 
361ba53d9c9SRobert Watson }
362ba53d9c9SRobert Watson 
363ba53d9c9SRobert Watson static void
364ba53d9c9SRobert Watson stub_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr,
365ba53d9c9SRobert Watson     struct label *msqlabel)
366ba53d9c9SRobert Watson {
367ba53d9c9SRobert Watson 
368ba53d9c9SRobert Watson }
369ba53d9c9SRobert Watson 
370ba53d9c9SRobert Watson static void
3713831e7d7SRobert Watson stub_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr,
372ba53d9c9SRobert Watson     struct label *semalabel)
373ba53d9c9SRobert Watson {
374ba53d9c9SRobert Watson 
375ba53d9c9SRobert Watson }
376ba53d9c9SRobert Watson 
377ba53d9c9SRobert Watson static void
378ba53d9c9SRobert Watson stub_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
379ba53d9c9SRobert Watson     struct label *shmalabel)
380ba53d9c9SRobert Watson {
381ba53d9c9SRobert Watson 
382ba53d9c9SRobert Watson }
383ba53d9c9SRobert Watson 
384ba53d9c9SRobert Watson static void
3851c3f91cdSRobert Watson stub_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
386d8a7b7a3SRobert Watson     struct ipq *ipq, struct label *ipqlabel)
387d8a7b7a3SRobert Watson {
388d8a7b7a3SRobert Watson 
389d8a7b7a3SRobert Watson }
390d8a7b7a3SRobert Watson 
391d8a7b7a3SRobert Watson static void
3922d92ec98SRobert Watson stub_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
3932d92ec98SRobert Watson     struct mbuf *m, struct label *mlabel)
3942d92ec98SRobert Watson {
3952d92ec98SRobert Watson 
3962d92ec98SRobert Watson }
3972d92ec98SRobert Watson 
3982d92ec98SRobert Watson static void
3991c3f91cdSRobert Watson stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
400d8a7b7a3SRobert Watson     struct mbuf *mbuf, struct label *mbuflabel)
401d8a7b7a3SRobert Watson {
402d8a7b7a3SRobert Watson 
403d8a7b7a3SRobert Watson }
404d8a7b7a3SRobert Watson 
405d8a7b7a3SRobert Watson static void
4061c3f91cdSRobert Watson stub_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
407d8a7b7a3SRobert Watson     struct mbuf *mbuf, struct label *mbuflabel)
408d8a7b7a3SRobert Watson {
409d8a7b7a3SRobert Watson 
410d8a7b7a3SRobert Watson }
411d8a7b7a3SRobert Watson 
412d8a7b7a3SRobert Watson static void
4131c3f91cdSRobert Watson stub_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
414d8a7b7a3SRobert Watson     struct mbuf *m, struct label *mbuflabel)
415d8a7b7a3SRobert Watson {
416d8a7b7a3SRobert Watson 
417d8a7b7a3SRobert Watson }
418d8a7b7a3SRobert Watson 
419d8a7b7a3SRobert Watson static void
4201c3f91cdSRobert Watson stub_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
421d8a7b7a3SRobert Watson     struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
422d8a7b7a3SRobert Watson     struct mbuf *newmbuf, struct label *newmbuflabel)
423d8a7b7a3SRobert Watson {
424d8a7b7a3SRobert Watson 
425d8a7b7a3SRobert Watson }
426d8a7b7a3SRobert Watson 
427d8a7b7a3SRobert Watson static void
4281c3f91cdSRobert Watson stub_create_mbuf_netlayer(struct mbuf *oldmbuf,
429d8a7b7a3SRobert Watson     struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
430d8a7b7a3SRobert Watson {
431d8a7b7a3SRobert Watson 
432d8a7b7a3SRobert Watson }
433d8a7b7a3SRobert Watson 
434d8a7b7a3SRobert Watson static int
4351c3f91cdSRobert Watson stub_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
436d8a7b7a3SRobert Watson     struct ipq *ipq, struct label *ipqlabel)
437d8a7b7a3SRobert Watson {
438d8a7b7a3SRobert Watson 
439d8a7b7a3SRobert Watson 	return (1);
440d8a7b7a3SRobert Watson }
441d8a7b7a3SRobert Watson 
442d8a7b7a3SRobert Watson static void
44364f00af8SRobert Watson stub_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel)
44464f00af8SRobert Watson {
44564f00af8SRobert Watson 
44664f00af8SRobert Watson }
44764f00af8SRobert Watson 
44864f00af8SRobert Watson static void
44964f00af8SRobert Watson stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
45064f00af8SRobert Watson {
45164f00af8SRobert Watson 
45264f00af8SRobert Watson }
45364f00af8SRobert Watson 
45464f00af8SRobert Watson static void
4551c3f91cdSRobert Watson stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
456d8a7b7a3SRobert Watson     struct label *ifnetlabel, struct label *newlabel)
457d8a7b7a3SRobert Watson {
458d8a7b7a3SRobert Watson 
459d8a7b7a3SRobert Watson }
460d8a7b7a3SRobert Watson 
461d8a7b7a3SRobert Watson static void
4621c3f91cdSRobert Watson stub_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
463d8a7b7a3SRobert Watson     struct ipq *ipq, struct label *ipqlabel)
464d8a7b7a3SRobert Watson {
465d8a7b7a3SRobert Watson 
466d8a7b7a3SRobert Watson }
467d8a7b7a3SRobert Watson 
468a557af22SRobert Watson static void
469a557af22SRobert Watson stub_inpcb_sosetlabel(struct socket *so, struct label *solabel,
470a557af22SRobert Watson     struct inpcb *inp, struct label *inplabel)
471a557af22SRobert Watson {
472a557af22SRobert Watson 
473a557af22SRobert Watson }
474a557af22SRobert Watson 
475d8a7b7a3SRobert Watson /*
476d8a7b7a3SRobert Watson  * Labeling event operations: processes.
477d8a7b7a3SRobert Watson  */
478d8a7b7a3SRobert Watson static void
4791c3f91cdSRobert Watson stub_execve_transition(struct ucred *old, struct ucred *new,
480939b97cbSRobert Watson     struct vnode *vp, struct label *vnodelabel,
481ef5def59SRobert Watson     struct label *interpvnodelabel, struct image_params *imgp,
482ef5def59SRobert Watson     struct label *execlabel)
483d8a7b7a3SRobert Watson {
484d8a7b7a3SRobert Watson 
485d8a7b7a3SRobert Watson }
486d8a7b7a3SRobert Watson 
487d8a7b7a3SRobert Watson static int
4881c3f91cdSRobert Watson stub_execve_will_transition(struct ucred *old, struct vnode *vp,
489939b97cbSRobert Watson     struct label *vnodelabel, struct label *interpvnodelabel,
490ef5def59SRobert Watson     struct image_params *imgp, struct label *execlabel)
491d8a7b7a3SRobert Watson {
492d8a7b7a3SRobert Watson 
493d8a7b7a3SRobert Watson 	return (0);
494d8a7b7a3SRobert Watson }
495d8a7b7a3SRobert Watson 
496d8a7b7a3SRobert Watson static void
4971c3f91cdSRobert Watson stub_create_proc0(struct ucred *cred)
498d8a7b7a3SRobert Watson {
499d8a7b7a3SRobert Watson 
500d8a7b7a3SRobert Watson }
501d8a7b7a3SRobert Watson 
502d8a7b7a3SRobert Watson static void
5031c3f91cdSRobert Watson stub_create_proc1(struct ucred *cred)
504d8a7b7a3SRobert Watson {
505d8a7b7a3SRobert Watson 
506d8a7b7a3SRobert Watson }
507d8a7b7a3SRobert Watson 
508d8a7b7a3SRobert Watson static void
5091c3f91cdSRobert Watson stub_relabel_cred(struct ucred *cred, struct label *newlabel)
510d8a7b7a3SRobert Watson {
511d8a7b7a3SRobert Watson 
512d8a7b7a3SRobert Watson }
513d8a7b7a3SRobert Watson 
51409de2dc2SRobert Watson static void
5151c3f91cdSRobert Watson stub_thread_userret(struct thread *td)
51609de2dc2SRobert Watson {
51709de2dc2SRobert Watson 
51809de2dc2SRobert Watson }
51909de2dc2SRobert Watson 
520d8a7b7a3SRobert Watson /*
521ba53d9c9SRobert Watson  * Label cleanup/flush operations
522ba53d9c9SRobert Watson  */
523ba53d9c9SRobert Watson static void
524ba53d9c9SRobert Watson stub_cleanup_sysv_msgmsg(struct label *msglabel)
525ba53d9c9SRobert Watson {
526ba53d9c9SRobert Watson 
527ba53d9c9SRobert Watson }
528ba53d9c9SRobert Watson 
529ba53d9c9SRobert Watson static void
530ba53d9c9SRobert Watson stub_cleanup_sysv_msgqueue(struct label *msqlabel)
531ba53d9c9SRobert Watson {
532ba53d9c9SRobert Watson 
533ba53d9c9SRobert Watson }
534ba53d9c9SRobert Watson 
535ba53d9c9SRobert Watson static void
5363831e7d7SRobert Watson stub_cleanup_sysv_sem(struct label *semalabel)
537ba53d9c9SRobert Watson {
538ba53d9c9SRobert Watson 
539ba53d9c9SRobert Watson }
540ba53d9c9SRobert Watson 
541ba53d9c9SRobert Watson static void
542ba53d9c9SRobert Watson stub_cleanup_sysv_shm(struct label *shmlabel)
543ba53d9c9SRobert Watson {
544ba53d9c9SRobert Watson 
545ba53d9c9SRobert Watson }
546ba53d9c9SRobert Watson 
547ba53d9c9SRobert Watson /*
548d8a7b7a3SRobert Watson  * Access control checks.
549d8a7b7a3SRobert Watson  */
550d8a7b7a3SRobert Watson static int
5511c3f91cdSRobert Watson stub_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
552d8a7b7a3SRobert Watson     struct ifnet *ifnet, struct label *ifnet_label)
553d8a7b7a3SRobert Watson {
554d8a7b7a3SRobert Watson 
555d8a7b7a3SRobert Watson         return (0);
556d8a7b7a3SRobert Watson }
557d8a7b7a3SRobert Watson 
558d8a7b7a3SRobert Watson static int
5591c3f91cdSRobert Watson stub_check_cred_relabel(struct ucred *cred, struct label *newlabel)
560d8a7b7a3SRobert Watson {
561d8a7b7a3SRobert Watson 
562d8a7b7a3SRobert Watson 	return (0);
563d8a7b7a3SRobert Watson }
564d8a7b7a3SRobert Watson 
565d8a7b7a3SRobert Watson static int
5661c3f91cdSRobert Watson stub_check_cred_visible(struct ucred *u1, struct ucred *u2)
567d8a7b7a3SRobert Watson {
568d8a7b7a3SRobert Watson 
569d8a7b7a3SRobert Watson 	return (0);
570d8a7b7a3SRobert Watson }
571d8a7b7a3SRobert Watson 
572d8a7b7a3SRobert Watson static int
5731c3f91cdSRobert Watson stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
5741979061bSRobert Watson     struct label *ifnetlabel, struct label *newlabel)
575d8a7b7a3SRobert Watson {
576d8a7b7a3SRobert Watson 
577d8a7b7a3SRobert Watson 	return (0);
578d8a7b7a3SRobert Watson }
579d8a7b7a3SRobert Watson 
580d8a7b7a3SRobert Watson static int
5811c3f91cdSRobert Watson stub_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
582d8a7b7a3SRobert Watson     struct mbuf *m, struct label *mbuflabel)
583d8a7b7a3SRobert Watson {
584d8a7b7a3SRobert Watson 
585d8a7b7a3SRobert Watson 	return (0);
586d8a7b7a3SRobert Watson }
587d8a7b7a3SRobert Watson 
588d8a7b7a3SRobert Watson static int
589a557af22SRobert Watson stub_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
590a557af22SRobert Watson     struct mbuf *m, struct label *mlabel)
591a557af22SRobert Watson {
592a557af22SRobert Watson 
593a557af22SRobert Watson 	return (0);
594a557af22SRobert Watson }
595a557af22SRobert Watson 
596a557af22SRobert Watson static int
597ba53d9c9SRobert Watson stub_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
598ba53d9c9SRobert Watson     struct label *msglabel, struct msqid_kernel *msqkptr,
599ba53d9c9SRobert Watson     struct label *msqklabel)
600ba53d9c9SRobert Watson {
601ba53d9c9SRobert Watson 
602ba53d9c9SRobert Watson 	return (0);
603ba53d9c9SRobert Watson }
604ba53d9c9SRobert Watson 
605ba53d9c9SRobert Watson static int
606ba53d9c9SRobert Watson stub_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr,
607ba53d9c9SRobert Watson     struct label *msglabel)
608ba53d9c9SRobert Watson {
609ba53d9c9SRobert Watson 
610ba53d9c9SRobert Watson 	return (0);
611ba53d9c9SRobert Watson }
612ba53d9c9SRobert Watson 
613ba53d9c9SRobert Watson 
614ba53d9c9SRobert Watson static int
615ba53d9c9SRobert Watson stub_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr,
616ba53d9c9SRobert Watson     struct label *msglabel)
617ba53d9c9SRobert Watson {
618ba53d9c9SRobert Watson 
619ba53d9c9SRobert Watson 	return (0);
620ba53d9c9SRobert Watson }
621ba53d9c9SRobert Watson 
622ba53d9c9SRobert Watson 
623ba53d9c9SRobert Watson static int
624ba53d9c9SRobert Watson stub_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
625ba53d9c9SRobert Watson     struct label *msqklabel)
626ba53d9c9SRobert Watson {
627ba53d9c9SRobert Watson 
628ba53d9c9SRobert Watson 	return (0);
629ba53d9c9SRobert Watson }
630ba53d9c9SRobert Watson 
631ba53d9c9SRobert Watson 
632ba53d9c9SRobert Watson static int
633ba53d9c9SRobert Watson stub_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
634ba53d9c9SRobert Watson     struct label *msqklabel)
635ba53d9c9SRobert Watson {
636ba53d9c9SRobert Watson 
637ba53d9c9SRobert Watson 	return (0);
638ba53d9c9SRobert Watson }
639ba53d9c9SRobert Watson 
640ba53d9c9SRobert Watson static int
641ba53d9c9SRobert Watson stub_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
642ba53d9c9SRobert Watson     struct label *msqklabel)
643ba53d9c9SRobert Watson {
644ba53d9c9SRobert Watson 
645ba53d9c9SRobert Watson 	return (0);
646ba53d9c9SRobert Watson }
647ba53d9c9SRobert Watson 
648ba53d9c9SRobert Watson 
649ba53d9c9SRobert Watson static int
650ba53d9c9SRobert Watson stub_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
651ba53d9c9SRobert Watson     struct label *msqklabel, int cmd)
652ba53d9c9SRobert Watson {
653ba53d9c9SRobert Watson 
654ba53d9c9SRobert Watson 	return (0);
655ba53d9c9SRobert Watson }
656ba53d9c9SRobert Watson 
657ba53d9c9SRobert Watson 
658ba53d9c9SRobert Watson static int
659ba53d9c9SRobert Watson stub_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr,
660ba53d9c9SRobert Watson     struct label *semaklabel, int cmd)
661ba53d9c9SRobert Watson {
662ba53d9c9SRobert Watson 
663ba53d9c9SRobert Watson 	return (0);
664ba53d9c9SRobert Watson }
665ba53d9c9SRobert Watson 
666ba53d9c9SRobert Watson static int
667ba53d9c9SRobert Watson stub_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr,
668ba53d9c9SRobert Watson     struct label *semaklabel)
669ba53d9c9SRobert Watson {
670ba53d9c9SRobert Watson 
671ba53d9c9SRobert Watson 	return (0);
672ba53d9c9SRobert Watson }
673ba53d9c9SRobert Watson 
674ba53d9c9SRobert Watson 
675ba53d9c9SRobert Watson static int
676ba53d9c9SRobert Watson stub_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr,
677ba53d9c9SRobert Watson     struct label *semaklabel, size_t accesstype)
678ba53d9c9SRobert Watson {
679ba53d9c9SRobert Watson 
680ba53d9c9SRobert Watson 	return (0);
681ba53d9c9SRobert Watson }
682ba53d9c9SRobert Watson 
683ba53d9c9SRobert Watson static int
684ba53d9c9SRobert Watson stub_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
685ba53d9c9SRobert Watson     struct label *shmseglabel, int shmflg)
686ba53d9c9SRobert Watson {
687ba53d9c9SRobert Watson 
688ba53d9c9SRobert Watson 	return (0);
689ba53d9c9SRobert Watson }
690ba53d9c9SRobert Watson 
691ba53d9c9SRobert Watson static int
692ba53d9c9SRobert Watson stub_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
693ba53d9c9SRobert Watson     struct label *shmseglabel, int cmd)
694ba53d9c9SRobert Watson {
695ba53d9c9SRobert Watson 
696ba53d9c9SRobert Watson 	return (0);
697ba53d9c9SRobert Watson }
698ba53d9c9SRobert Watson 
699ba53d9c9SRobert Watson static int
700ba53d9c9SRobert Watson stub_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
701ba53d9c9SRobert Watson     struct label *shmseglabel)
702ba53d9c9SRobert Watson {
703ba53d9c9SRobert Watson 
704ba53d9c9SRobert Watson 	return (0);
705ba53d9c9SRobert Watson }
706ba53d9c9SRobert Watson 
707ba53d9c9SRobert Watson 
708ba53d9c9SRobert Watson static int
709ba53d9c9SRobert Watson stub_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
710ba53d9c9SRobert Watson     struct label *shmseglabel, int shmflg)
711ba53d9c9SRobert Watson {
712ba53d9c9SRobert Watson 
713ba53d9c9SRobert Watson 	return (0);
714ba53d9c9SRobert Watson }
715ba53d9c9SRobert Watson 
716ba53d9c9SRobert Watson static int
7171c3f91cdSRobert Watson stub_check_kenv_dump(struct ucred *cred)
71809de2dc2SRobert Watson {
71909de2dc2SRobert Watson 
72009de2dc2SRobert Watson 	return (0);
72109de2dc2SRobert Watson }
72209de2dc2SRobert Watson 
72309de2dc2SRobert Watson static int
7241c3f91cdSRobert Watson stub_check_kenv_get(struct ucred *cred, char *name)
72509de2dc2SRobert Watson {
72609de2dc2SRobert Watson 
72709de2dc2SRobert Watson 	return (0);
72809de2dc2SRobert Watson }
72909de2dc2SRobert Watson 
73009de2dc2SRobert Watson static int
7311c3f91cdSRobert Watson stub_check_kenv_set(struct ucred *cred, char *name, char *value)
73209de2dc2SRobert Watson {
73309de2dc2SRobert Watson 
73409de2dc2SRobert Watson 	return (0);
73509de2dc2SRobert Watson }
73609de2dc2SRobert Watson 
73709de2dc2SRobert Watson static int
7381c3f91cdSRobert Watson stub_check_kenv_unset(struct ucred *cred, char *name)
73909de2dc2SRobert Watson {
74009de2dc2SRobert Watson 
74109de2dc2SRobert Watson 	return (0);
74209de2dc2SRobert Watson }
74309de2dc2SRobert Watson 
74409de2dc2SRobert Watson static int
7451c3f91cdSRobert Watson stub_check_kld_load(struct ucred *cred, struct vnode *vp,
74609de2dc2SRobert Watson     struct label *vlabel)
74709de2dc2SRobert Watson {
74809de2dc2SRobert Watson 
74909de2dc2SRobert Watson 	return (0);
75009de2dc2SRobert Watson }
75109de2dc2SRobert Watson 
75209de2dc2SRobert Watson static int
7531c3f91cdSRobert Watson stub_check_kld_stat(struct ucred *cred)
75409de2dc2SRobert Watson {
75509de2dc2SRobert Watson 
75609de2dc2SRobert Watson 	return (0);
75709de2dc2SRobert Watson }
75809de2dc2SRobert Watson 
75909de2dc2SRobert Watson static int
7601c3f91cdSRobert Watson stub_check_kld_unload(struct ucred *cred)
76109de2dc2SRobert Watson {
76209de2dc2SRobert Watson 
76309de2dc2SRobert Watson 	return (0);
76409de2dc2SRobert Watson }
76509de2dc2SRobert Watson 
76609de2dc2SRobert Watson static int
7671c3f91cdSRobert Watson stub_check_mount_stat(struct ucred *cred, struct mount *mp,
768d8a7b7a3SRobert Watson     struct label *mntlabel)
769d8a7b7a3SRobert Watson {
770d8a7b7a3SRobert Watson 
771d8a7b7a3SRobert Watson 	return (0);
772d8a7b7a3SRobert Watson }
773d8a7b7a3SRobert Watson 
774d8a7b7a3SRobert Watson static int
77591c2dc94SRobert Watson stub_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
776d8a7b7a3SRobert Watson     struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
777d8a7b7a3SRobert Watson {
778d8a7b7a3SRobert Watson 
779d8a7b7a3SRobert Watson 	return (0);
780d8a7b7a3SRobert Watson }
781d8a7b7a3SRobert Watson 
782d8a7b7a3SRobert Watson static int
78391c2dc94SRobert Watson stub_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
784c024c3eeSRobert Watson     struct label *pipelabel)
785c024c3eeSRobert Watson {
786c024c3eeSRobert Watson 
787c024c3eeSRobert Watson 	return (0);
788c024c3eeSRobert Watson }
789c024c3eeSRobert Watson 
790c024c3eeSRobert Watson static int
79191c2dc94SRobert Watson stub_check_pipe_read(struct ucred *cred, struct pipepair *pp,
792c024c3eeSRobert Watson     struct label *pipelabel)
793d8a7b7a3SRobert Watson {
794d8a7b7a3SRobert Watson 
795d8a7b7a3SRobert Watson 	return (0);
796d8a7b7a3SRobert Watson }
797d8a7b7a3SRobert Watson 
798d8a7b7a3SRobert Watson static int
79991c2dc94SRobert Watson stub_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
800d8a7b7a3SRobert Watson     struct label *pipelabel, struct label *newlabel)
801d8a7b7a3SRobert Watson {
802d8a7b7a3SRobert Watson 
803d8a7b7a3SRobert Watson 	return (0);
804d8a7b7a3SRobert Watson }
805d8a7b7a3SRobert Watson 
806d8a7b7a3SRobert Watson static int
80791c2dc94SRobert Watson stub_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
808c024c3eeSRobert Watson     struct label *pipelabel)
809c024c3eeSRobert Watson {
810c024c3eeSRobert Watson 
811c024c3eeSRobert Watson 	return (0);
812c024c3eeSRobert Watson }
813c024c3eeSRobert Watson 
814c024c3eeSRobert Watson static int
81591c2dc94SRobert Watson stub_check_pipe_write(struct ucred *cred, struct pipepair *pp,
816c024c3eeSRobert Watson     struct label *pipelabel)
817c024c3eeSRobert Watson {
818c024c3eeSRobert Watson 
819c024c3eeSRobert Watson 	return (0);
820c024c3eeSRobert Watson }
821c024c3eeSRobert Watson 
822c024c3eeSRobert Watson static int
82352648411SRobert Watson stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr,
82452648411SRobert Watson     struct label *ks_label)
82552648411SRobert Watson {
82652648411SRobert Watson 
82752648411SRobert Watson 	return (0);
82852648411SRobert Watson }
82952648411SRobert Watson 
83052648411SRobert Watson static int
83152648411SRobert Watson stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr,
83252648411SRobert Watson     struct label *ks_label)
83352648411SRobert Watson {
83452648411SRobert Watson 
83552648411SRobert Watson 	return (0);
83652648411SRobert Watson }
83752648411SRobert Watson 
83852648411SRobert Watson static int
83952648411SRobert Watson stub_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr,
84052648411SRobert Watson     struct label *ks_label)
84152648411SRobert Watson {
84252648411SRobert Watson 
84352648411SRobert Watson 	return (0);
84452648411SRobert Watson }
84552648411SRobert Watson 
84652648411SRobert Watson static int
84752648411SRobert Watson stub_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr,
84852648411SRobert Watson     struct label *ks_label)
84952648411SRobert Watson {
85052648411SRobert Watson 
85152648411SRobert Watson 	return (0);
85252648411SRobert Watson }
85352648411SRobert Watson 
85452648411SRobert Watson static int
85552648411SRobert Watson stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr,
85652648411SRobert Watson     struct label *ks_label)
85752648411SRobert Watson {
85852648411SRobert Watson 
85952648411SRobert Watson 	return (0);
86052648411SRobert Watson }
86152648411SRobert Watson 
86252648411SRobert Watson static int
86352648411SRobert Watson stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr,
86452648411SRobert Watson     struct label *ks_label)
86552648411SRobert Watson {
86652648411SRobert Watson 
86752648411SRobert Watson 	return (0);
86852648411SRobert Watson }
86952648411SRobert Watson 
87052648411SRobert Watson static int
8711c3f91cdSRobert Watson stub_check_proc_debug(struct ucred *cred, struct proc *proc)
872d8a7b7a3SRobert Watson {
873d8a7b7a3SRobert Watson 
874d8a7b7a3SRobert Watson 	return (0);
875d8a7b7a3SRobert Watson }
876d8a7b7a3SRobert Watson 
877d8a7b7a3SRobert Watson static int
8781c3f91cdSRobert Watson stub_check_proc_sched(struct ucred *cred, struct proc *proc)
879d8a7b7a3SRobert Watson {
880d8a7b7a3SRobert Watson 
881d8a7b7a3SRobert Watson 	return (0);
882d8a7b7a3SRobert Watson }
883d8a7b7a3SRobert Watson 
884d8a7b7a3SRobert Watson static int
8851c3f91cdSRobert Watson stub_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
886d8a7b7a3SRobert Watson {
887d8a7b7a3SRobert Watson 
888d8a7b7a3SRobert Watson 	return (0);
889d8a7b7a3SRobert Watson }
890d8a7b7a3SRobert Watson 
891d8a7b7a3SRobert Watson static int
892babe9a2bSRobert Watson stub_check_proc_wait(struct ucred *cred, struct proc *proc)
893babe9a2bSRobert Watson {
894babe9a2bSRobert Watson 
895babe9a2bSRobert Watson 	return (0);
896babe9a2bSRobert Watson }
897babe9a2bSRobert Watson 
898babe9a2bSRobert Watson static int
899030a28b3SRobert Watson stub_check_proc_setuid(struct ucred *cred, uid_t uid)
900030a28b3SRobert Watson {
901030a28b3SRobert Watson 
902030a28b3SRobert Watson 	return (0);
903030a28b3SRobert Watson }
904030a28b3SRobert Watson 
905030a28b3SRobert Watson static int
906030a28b3SRobert Watson stub_check_proc_seteuid(struct ucred *cred, uid_t euid)
907030a28b3SRobert Watson {
908030a28b3SRobert Watson 
909030a28b3SRobert Watson 	return (0);
910030a28b3SRobert Watson }
911030a28b3SRobert Watson 
912030a28b3SRobert Watson static int
913030a28b3SRobert Watson stub_check_proc_setgid(struct ucred *cred, gid_t gid)
914030a28b3SRobert Watson {
915030a28b3SRobert Watson 
916030a28b3SRobert Watson 	return (0);
917030a28b3SRobert Watson }
918030a28b3SRobert Watson 
919030a28b3SRobert Watson static int
920030a28b3SRobert Watson stub_check_proc_setegid(struct ucred *cred, gid_t egid)
921030a28b3SRobert Watson {
922030a28b3SRobert Watson 
923030a28b3SRobert Watson 	return (0);
924030a28b3SRobert Watson }
925030a28b3SRobert Watson 
926030a28b3SRobert Watson static int
927030a28b3SRobert Watson stub_check_proc_setgroups(struct ucred *cred, int ngroups,
928030a28b3SRobert Watson 	gid_t *gidset)
929030a28b3SRobert Watson {
930030a28b3SRobert Watson 
931030a28b3SRobert Watson 	return (0);
932030a28b3SRobert Watson }
933030a28b3SRobert Watson 
934030a28b3SRobert Watson static int
935030a28b3SRobert Watson stub_check_proc_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
936030a28b3SRobert Watson {
937030a28b3SRobert Watson 
938030a28b3SRobert Watson 	return (0);
939030a28b3SRobert Watson }
940030a28b3SRobert Watson 
941030a28b3SRobert Watson static int
942030a28b3SRobert Watson stub_check_proc_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
943030a28b3SRobert Watson {
944030a28b3SRobert Watson 
945030a28b3SRobert Watson 	return (0);
946030a28b3SRobert Watson }
947030a28b3SRobert Watson 
948030a28b3SRobert Watson static int
949030a28b3SRobert Watson stub_check_proc_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
950030a28b3SRobert Watson 	uid_t suid)
951030a28b3SRobert Watson {
952030a28b3SRobert Watson 
953030a28b3SRobert Watson 	return (0);
954030a28b3SRobert Watson }
955030a28b3SRobert Watson 
956030a28b3SRobert Watson static int
957030a28b3SRobert Watson stub_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
958030a28b3SRobert Watson 	gid_t sgid)
959030a28b3SRobert Watson {
960030a28b3SRobert Watson 
961030a28b3SRobert Watson 	return (0);
962030a28b3SRobert Watson }
963030a28b3SRobert Watson 
964030a28b3SRobert Watson static int
9657f53207bSRobert Watson stub_check_socket_accept(struct ucred *cred, struct socket *socket,
9667f53207bSRobert Watson     struct label *socketlabel)
9677f53207bSRobert Watson {
9687f53207bSRobert Watson 
9697f53207bSRobert Watson 	return (0);
9707f53207bSRobert Watson }
9717f53207bSRobert Watson 
9727f53207bSRobert Watson static int
9731c3f91cdSRobert Watson stub_check_socket_bind(struct ucred *cred, struct socket *socket,
974d8a7b7a3SRobert Watson     struct label *socketlabel, struct sockaddr *sockaddr)
975d8a7b7a3SRobert Watson {
976d8a7b7a3SRobert Watson 
977d8a7b7a3SRobert Watson 	return (0);
978d8a7b7a3SRobert Watson }
979d8a7b7a3SRobert Watson 
980d8a7b7a3SRobert Watson static int
9811c3f91cdSRobert Watson stub_check_socket_connect(struct ucred *cred, struct socket *socket,
982d8a7b7a3SRobert Watson     struct label *socketlabel, struct sockaddr *sockaddr)
983d8a7b7a3SRobert Watson {
984d8a7b7a3SRobert Watson 
985d8a7b7a3SRobert Watson 	return (0);
986d8a7b7a3SRobert Watson }
987d8a7b7a3SRobert Watson 
988d8a7b7a3SRobert Watson static int
9896758f88eSRobert Watson stub_check_socket_create(struct ucred *cred, int domain, int type,
9906758f88eSRobert Watson     int protocol)
9916758f88eSRobert Watson {
9926758f88eSRobert Watson 
9936758f88eSRobert Watson 	return (0);
9946758f88eSRobert Watson }
9956758f88eSRobert Watson 
9966758f88eSRobert Watson static int
9971c3f91cdSRobert Watson stub_check_socket_deliver(struct socket *so, struct label *socketlabel,
998fb95b5d3SRobert Watson     struct mbuf *m, struct label *mbuflabel)
999d8a7b7a3SRobert Watson {
1000d8a7b7a3SRobert Watson 
1001d8a7b7a3SRobert Watson 	return (0);
1002d8a7b7a3SRobert Watson }
1003d8a7b7a3SRobert Watson 
1004d8a7b7a3SRobert Watson static int
10051c3f91cdSRobert Watson stub_check_socket_listen(struct ucred *cred, struct socket *so,
1006fb95b5d3SRobert Watson     struct label *socketlabel)
1007d8a7b7a3SRobert Watson {
1008d8a7b7a3SRobert Watson 
1009d8a7b7a3SRobert Watson 	return (0);
1010d8a7b7a3SRobert Watson }
1011d8a7b7a3SRobert Watson 
1012d8a7b7a3SRobert Watson static int
10137f53207bSRobert Watson stub_check_socket_poll(struct ucred *cred, struct socket *so,
10147f53207bSRobert Watson     struct label *socketlabel)
10157f53207bSRobert Watson {
10167f53207bSRobert Watson 
10177f53207bSRobert Watson 	return (0);
10187f53207bSRobert Watson }
10197f53207bSRobert Watson 
10207f53207bSRobert Watson static int
10217f53207bSRobert Watson stub_check_socket_receive(struct ucred *cred, struct socket *so,
10227f53207bSRobert Watson     struct label *socketlabel)
10237f53207bSRobert Watson {
10247f53207bSRobert Watson 
10257f53207bSRobert Watson 	return (0);
10267f53207bSRobert Watson }
10277f53207bSRobert Watson 
10287f53207bSRobert Watson static int
10291c3f91cdSRobert Watson stub_check_socket_relabel(struct ucred *cred, struct socket *socket,
1030d8a7b7a3SRobert Watson     struct label *socketlabel, struct label *newlabel)
1031d8a7b7a3SRobert Watson {
1032d8a7b7a3SRobert Watson 
1033d8a7b7a3SRobert Watson 	return (0);
1034d8a7b7a3SRobert Watson }
10357f53207bSRobert Watson static int
10367f53207bSRobert Watson stub_check_socket_send(struct ucred *cred, struct socket *so,
10377f53207bSRobert Watson     struct label *socketlabel)
10387f53207bSRobert Watson {
10397f53207bSRobert Watson 
10407f53207bSRobert Watson 	return (0);
10417f53207bSRobert Watson }
10427f53207bSRobert Watson 
10437f53207bSRobert Watson static int
10447f53207bSRobert Watson stub_check_socket_stat(struct ucred *cred, struct socket *so,
10457f53207bSRobert Watson     struct label *socketlabel)
10467f53207bSRobert Watson {
10477f53207bSRobert Watson 
10487f53207bSRobert Watson 	return (0);
10497f53207bSRobert Watson }
1050d8a7b7a3SRobert Watson 
1051d8a7b7a3SRobert Watson static int
10521c3f91cdSRobert Watson stub_check_socket_visible(struct ucred *cred, struct socket *socket,
1053d8a7b7a3SRobert Watson    struct label *socketlabel)
1054d8a7b7a3SRobert Watson {
1055d8a7b7a3SRobert Watson 
1056d8a7b7a3SRobert Watson 	return (0);
1057d8a7b7a3SRobert Watson }
1058d8a7b7a3SRobert Watson 
1059d8a7b7a3SRobert Watson static int
10601c3f91cdSRobert Watson stub_check_sysarch_ioperm(struct ucred *cred)
106109de2dc2SRobert Watson {
106209de2dc2SRobert Watson 
106309de2dc2SRobert Watson 	return (0);
106409de2dc2SRobert Watson }
106509de2dc2SRobert Watson 
106609de2dc2SRobert Watson static int
10671c3f91cdSRobert Watson stub_check_system_acct(struct ucred *cred, struct vnode *vp,
106809de2dc2SRobert Watson     struct label *vlabel)
106909de2dc2SRobert Watson {
107009de2dc2SRobert Watson 
107109de2dc2SRobert Watson 	return (0);
107209de2dc2SRobert Watson }
107309de2dc2SRobert Watson 
107409de2dc2SRobert Watson static int
10751c3f91cdSRobert Watson stub_check_system_reboot(struct ucred *cred, int how)
1076927f6069SRobert Watson {
1077927f6069SRobert Watson 
1078927f6069SRobert Watson 	return (0);
1079927f6069SRobert Watson }
1080927f6069SRobert Watson 
1081927f6069SRobert Watson static int
10821c3f91cdSRobert Watson stub_check_system_settime(struct ucred *cred)
108309de2dc2SRobert Watson {
108409de2dc2SRobert Watson 
108509de2dc2SRobert Watson 	return (0);
108609de2dc2SRobert Watson }
108709de2dc2SRobert Watson 
108809de2dc2SRobert Watson static int
10891c3f91cdSRobert Watson stub_check_system_swapon(struct ucred *cred, struct vnode *vp,
1090927f6069SRobert Watson     struct label *label)
1091927f6069SRobert Watson {
1092927f6069SRobert Watson 
1093927f6069SRobert Watson 	return (0);
1094927f6069SRobert Watson }
1095927f6069SRobert Watson 
1096927f6069SRobert Watson static int
10971c3f91cdSRobert Watson stub_check_system_swapoff(struct ucred *cred, struct vnode *vp,
109809de2dc2SRobert Watson     struct label *label)
109909de2dc2SRobert Watson {
110009de2dc2SRobert Watson 
110109de2dc2SRobert Watson 	return (0);
110209de2dc2SRobert Watson }
110309de2dc2SRobert Watson 
110409de2dc2SRobert Watson static int
110563dba32bSPawel Jakub Dawidek stub_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
110663dba32bSPawel Jakub Dawidek     void *arg1, int arg2, struct sysctl_req *req)
1107927f6069SRobert Watson {
1108927f6069SRobert Watson 
1109927f6069SRobert Watson 	return (0);
1110927f6069SRobert Watson }
1111927f6069SRobert Watson 
1112927f6069SRobert Watson static int
11131c3f91cdSRobert Watson stub_check_vnode_access(struct ucred *cred, struct vnode *vp,
1114b914de36SRobert Watson     struct label *label, int acc_mode)
1115d8a7b7a3SRobert Watson {
1116d8a7b7a3SRobert Watson 
1117d8a7b7a3SRobert Watson 	return (0);
1118d8a7b7a3SRobert Watson }
1119d8a7b7a3SRobert Watson 
1120d8a7b7a3SRobert Watson static int
11211c3f91cdSRobert Watson stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
1122d8a7b7a3SRobert Watson     struct label *dlabel)
1123d8a7b7a3SRobert Watson {
1124d8a7b7a3SRobert Watson 
1125d8a7b7a3SRobert Watson 	return (0);
1126d8a7b7a3SRobert Watson }
1127d8a7b7a3SRobert Watson 
1128d8a7b7a3SRobert Watson static int
11291c3f91cdSRobert Watson stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
1130d8a7b7a3SRobert Watson     struct label *dlabel)
1131d8a7b7a3SRobert Watson {
1132d8a7b7a3SRobert Watson 
1133d8a7b7a3SRobert Watson 	return (0);
1134d8a7b7a3SRobert Watson }
1135d8a7b7a3SRobert Watson 
1136d8a7b7a3SRobert Watson static int
11371c3f91cdSRobert Watson stub_check_vnode_create(struct ucred *cred, struct vnode *dvp,
1138d8a7b7a3SRobert Watson     struct label *dlabel, struct componentname *cnp, struct vattr *vap)
1139d8a7b7a3SRobert Watson {
1140d8a7b7a3SRobert Watson 
1141d8a7b7a3SRobert Watson 	return (0);
1142d8a7b7a3SRobert Watson }
1143d8a7b7a3SRobert Watson 
1144d8a7b7a3SRobert Watson static int
11451c3f91cdSRobert Watson stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
1146d8a7b7a3SRobert Watson     struct label *dlabel, struct vnode *vp, struct label *label,
1147d8a7b7a3SRobert Watson     struct componentname *cnp)
1148d8a7b7a3SRobert Watson {
1149d8a7b7a3SRobert Watson 
1150d8a7b7a3SRobert Watson 	return (0);
1151d8a7b7a3SRobert Watson }
1152d8a7b7a3SRobert Watson 
1153d8a7b7a3SRobert Watson static int
11541c3f91cdSRobert Watson stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
1155d8a7b7a3SRobert Watson     struct label *label, acl_type_t type)
1156d8a7b7a3SRobert Watson {
1157d8a7b7a3SRobert Watson 
1158d8a7b7a3SRobert Watson 	return (0);
1159d8a7b7a3SRobert Watson }
1160d8a7b7a3SRobert Watson 
1161d8a7b7a3SRobert Watson static int
116264f00af8SRobert Watson stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
116364f00af8SRobert Watson     struct label *label, int attrnamespace, const char *name)
116464f00af8SRobert Watson {
116564f00af8SRobert Watson 
116664f00af8SRobert Watson 	return (0);
116764f00af8SRobert Watson }
116864f00af8SRobert Watson 
116964f00af8SRobert Watson static int
11701c3f91cdSRobert Watson stub_check_vnode_exec(struct ucred *cred, struct vnode *vp,
1171ef5def59SRobert Watson     struct label *label, struct image_params *imgp,
1172ef5def59SRobert Watson     struct label *execlabel)
1173d8a7b7a3SRobert Watson {
1174d8a7b7a3SRobert Watson 
1175d8a7b7a3SRobert Watson 	return (0);
1176d8a7b7a3SRobert Watson }
1177d8a7b7a3SRobert Watson 
1178d8a7b7a3SRobert Watson static int
11791c3f91cdSRobert Watson stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
1180d8a7b7a3SRobert Watson     struct label *label, acl_type_t type)
1181d8a7b7a3SRobert Watson {
1182d8a7b7a3SRobert Watson 
1183d8a7b7a3SRobert Watson 	return (0);
1184d8a7b7a3SRobert Watson }
1185d8a7b7a3SRobert Watson 
1186d8a7b7a3SRobert Watson static int
11871c3f91cdSRobert Watson stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
1188d8a7b7a3SRobert Watson     struct label *label, int attrnamespace, const char *name, struct uio *uio)
1189d8a7b7a3SRobert Watson {
1190d8a7b7a3SRobert Watson 
1191d8a7b7a3SRobert Watson 	return (0);
1192d8a7b7a3SRobert Watson }
1193d8a7b7a3SRobert Watson 
1194d8a7b7a3SRobert Watson static int
11951c3f91cdSRobert Watson stub_check_vnode_link(struct ucred *cred, struct vnode *dvp,
1196c27b50f5SRobert Watson     struct label *dlabel, struct vnode *vp, struct label *label,
1197c27b50f5SRobert Watson     struct componentname *cnp)
1198c27b50f5SRobert Watson {
1199c27b50f5SRobert Watson 
1200c27b50f5SRobert Watson 	return (0);
1201c27b50f5SRobert Watson }
1202c27b50f5SRobert Watson 
1203c27b50f5SRobert Watson static int
120464f00af8SRobert Watson stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
120564f00af8SRobert Watson     struct label *label, int attrnamespace)
120664f00af8SRobert Watson {
120764f00af8SRobert Watson 
120864f00af8SRobert Watson 	return (0);
120964f00af8SRobert Watson }
121064f00af8SRobert Watson 
121164f00af8SRobert Watson static int
12121c3f91cdSRobert Watson stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
1213d8a7b7a3SRobert Watson     struct label *dlabel, struct componentname *cnp)
1214d8a7b7a3SRobert Watson {
1215d8a7b7a3SRobert Watson 
1216d8a7b7a3SRobert Watson 	return (0);
1217d8a7b7a3SRobert Watson }
1218d8a7b7a3SRobert Watson 
1219d8a7b7a3SRobert Watson static int
12201c3f91cdSRobert Watson stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
1221c92163dcSChristian S.J. Peron     struct label *label, int prot, int flags)
1222e183f80eSRobert Watson {
1223e183f80eSRobert Watson 
1224e183f80eSRobert Watson 	return (0);
1225e183f80eSRobert Watson }
1226e183f80eSRobert Watson 
1227e183f80eSRobert Watson static int
12281c3f91cdSRobert Watson stub_check_vnode_open(struct ucred *cred, struct vnode *vp,
1229b914de36SRobert Watson     struct label *filelabel, int acc_mode)
1230d8a7b7a3SRobert Watson {
1231d8a7b7a3SRobert Watson 
1232d8a7b7a3SRobert Watson 	return (0);
1233d8a7b7a3SRobert Watson }
1234d8a7b7a3SRobert Watson 
1235d8a7b7a3SRobert Watson static int
12361c3f91cdSRobert Watson stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
1237177142e4SRobert Watson     struct vnode *vp, struct label *label)
12387f724f8bSRobert Watson {
12397f724f8bSRobert Watson 
12407f724f8bSRobert Watson 	return (0);
12417f724f8bSRobert Watson }
12427f724f8bSRobert Watson 
12437f724f8bSRobert Watson static int
12441c3f91cdSRobert Watson stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
1245177142e4SRobert Watson     struct vnode *vp, struct label *label)
12467f724f8bSRobert Watson {
12477f724f8bSRobert Watson 
12487f724f8bSRobert Watson 	return (0);
12497f724f8bSRobert Watson }
12507f724f8bSRobert Watson 
12517f724f8bSRobert Watson static int
12521c3f91cdSRobert Watson stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
1253d8a7b7a3SRobert Watson     struct label *dlabel)
1254d8a7b7a3SRobert Watson {
1255d8a7b7a3SRobert Watson 
1256d8a7b7a3SRobert Watson 	return (0);
1257d8a7b7a3SRobert Watson }
1258d8a7b7a3SRobert Watson 
1259d8a7b7a3SRobert Watson static int
12601c3f91cdSRobert Watson stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
1261d8a7b7a3SRobert Watson     struct label *vnodelabel)
1262d8a7b7a3SRobert Watson {
1263d8a7b7a3SRobert Watson 
1264d8a7b7a3SRobert Watson 	return (0);
1265d8a7b7a3SRobert Watson }
1266d8a7b7a3SRobert Watson 
1267d8a7b7a3SRobert Watson static int
12681c3f91cdSRobert Watson stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
1269d8a7b7a3SRobert Watson     struct label *vnodelabel, struct label *newlabel)
1270d8a7b7a3SRobert Watson {
1271d8a7b7a3SRobert Watson 
1272d8a7b7a3SRobert Watson 	return (0);
1273d8a7b7a3SRobert Watson }
1274d8a7b7a3SRobert Watson 
1275d8a7b7a3SRobert Watson static int
12761c3f91cdSRobert Watson stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
1277d8a7b7a3SRobert Watson     struct label *dlabel, struct vnode *vp, struct label *label,
1278d8a7b7a3SRobert Watson     struct componentname *cnp)
1279d8a7b7a3SRobert Watson {
1280d8a7b7a3SRobert Watson 
1281d8a7b7a3SRobert Watson 	return (0);
1282d8a7b7a3SRobert Watson }
1283d8a7b7a3SRobert Watson 
1284d8a7b7a3SRobert Watson static int
12851c3f91cdSRobert Watson stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
1286d8a7b7a3SRobert Watson     struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
1287d8a7b7a3SRobert Watson     struct componentname *cnp)
1288d8a7b7a3SRobert Watson {
1289d8a7b7a3SRobert Watson 
1290d8a7b7a3SRobert Watson 	return (0);
1291d8a7b7a3SRobert Watson }
1292d8a7b7a3SRobert Watson 
1293d8a7b7a3SRobert Watson static int
12941c3f91cdSRobert Watson stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
1295d8a7b7a3SRobert Watson     struct label *label)
1296d8a7b7a3SRobert Watson {
1297d8a7b7a3SRobert Watson 
1298d8a7b7a3SRobert Watson 	return (0);
1299d8a7b7a3SRobert Watson }
1300d8a7b7a3SRobert Watson 
1301d8a7b7a3SRobert Watson static int
13021c3f91cdSRobert Watson stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
1303d8a7b7a3SRobert Watson     struct label *label, acl_type_t type, struct acl *acl)
1304d8a7b7a3SRobert Watson {
1305d8a7b7a3SRobert Watson 
1306d8a7b7a3SRobert Watson 	return (0);
1307d8a7b7a3SRobert Watson }
1308d8a7b7a3SRobert Watson 
1309d8a7b7a3SRobert Watson static int
13101c3f91cdSRobert Watson stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
1311d8a7b7a3SRobert Watson     struct label *label, int attrnamespace, const char *name, struct uio *uio)
1312d8a7b7a3SRobert Watson {
1313d8a7b7a3SRobert Watson 
1314d8a7b7a3SRobert Watson 	return (0);
1315d8a7b7a3SRobert Watson }
1316d8a7b7a3SRobert Watson 
1317d8a7b7a3SRobert Watson static int
13181c3f91cdSRobert Watson stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
1319d8a7b7a3SRobert Watson     struct label *label, u_long flags)
1320d8a7b7a3SRobert Watson {
1321d8a7b7a3SRobert Watson 
1322d8a7b7a3SRobert Watson 	return (0);
1323d8a7b7a3SRobert Watson }
1324d8a7b7a3SRobert Watson 
1325d8a7b7a3SRobert Watson static int
13261c3f91cdSRobert Watson stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
1327d8a7b7a3SRobert Watson     struct label *label, mode_t mode)
1328d8a7b7a3SRobert Watson {
1329d8a7b7a3SRobert Watson 
1330d8a7b7a3SRobert Watson 	return (0);
1331d8a7b7a3SRobert Watson }
1332d8a7b7a3SRobert Watson 
1333d8a7b7a3SRobert Watson static int
13341c3f91cdSRobert Watson stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
1335d8a7b7a3SRobert Watson     struct label *label, uid_t uid, gid_t gid)
1336d8a7b7a3SRobert Watson {
1337d8a7b7a3SRobert Watson 
1338d8a7b7a3SRobert Watson 	return (0);
1339d8a7b7a3SRobert Watson }
1340d8a7b7a3SRobert Watson 
1341d8a7b7a3SRobert Watson static int
13421c3f91cdSRobert Watson stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
1343d8a7b7a3SRobert Watson     struct label *label, struct timespec atime, struct timespec mtime)
1344d8a7b7a3SRobert Watson {
1345d8a7b7a3SRobert Watson 
1346d8a7b7a3SRobert Watson 	return (0);
1347d8a7b7a3SRobert Watson }
1348d8a7b7a3SRobert Watson 
1349d8a7b7a3SRobert Watson static int
13501c3f91cdSRobert Watson stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
1351177142e4SRobert Watson     struct vnode *vp, struct label *label)
1352d8a7b7a3SRobert Watson {
1353d8a7b7a3SRobert Watson 
1354d8a7b7a3SRobert Watson 	return (0);
1355d8a7b7a3SRobert Watson }
1356d8a7b7a3SRobert Watson 
13577f724f8bSRobert Watson static int
13581c3f91cdSRobert Watson stub_check_vnode_write(struct ucred *active_cred,
1359177142e4SRobert Watson     struct ucred *file_cred, struct vnode *vp, struct label *label)
13607f724f8bSRobert Watson {
13617f724f8bSRobert Watson 
13627f724f8bSRobert Watson 	return (0);
13637f724f8bSRobert Watson }
13647f724f8bSRobert Watson 
1365403b781eSRobert Watson static int
1366403b781eSRobert Watson stub_priv_check(struct ucred *cred, int priv)
1367403b781eSRobert Watson {
1368403b781eSRobert Watson 
1369403b781eSRobert Watson 	return (0);
1370403b781eSRobert Watson }
1371403b781eSRobert Watson 
1372403b781eSRobert Watson static int
1373403b781eSRobert Watson stub_priv_grant(struct ucred *cred, int priv)
1374403b781eSRobert Watson {
1375403b781eSRobert Watson 
1376403b781eSRobert Watson 	return (EPERM);
1377403b781eSRobert Watson }
1378403b781eSRobert Watson 
13791c3f91cdSRobert Watson static struct mac_policy_ops mac_stub_ops =
1380d8a7b7a3SRobert Watson {
13811c3f91cdSRobert Watson 	.mpo_destroy = stub_destroy,
13821c3f91cdSRobert Watson 	.mpo_init = stub_init,
13831c3f91cdSRobert Watson 	.mpo_syscall = stub_syscall,
13841c3f91cdSRobert Watson 	.mpo_init_bpfdesc_label = stub_init_label,
13851c3f91cdSRobert Watson 	.mpo_init_cred_label = stub_init_label,
13861c3f91cdSRobert Watson 	.mpo_init_devfsdirent_label = stub_init_label,
13871c3f91cdSRobert Watson 	.mpo_init_ifnet_label = stub_init_label,
1388a557af22SRobert Watson 	.mpo_init_inpcb_label = stub_init_label_waitcheck,
1389ba53d9c9SRobert Watson 	.mpo_init_sysv_msgmsg_label = stub_init_label,
1390ba53d9c9SRobert Watson 	.mpo_init_sysv_msgqueue_label = stub_init_label,
13913831e7d7SRobert Watson 	.mpo_init_sysv_sem_label = stub_init_label,
1392ba53d9c9SRobert Watson 	.mpo_init_sysv_shm_label = stub_init_label,
13931c3f91cdSRobert Watson 	.mpo_init_ipq_label = stub_init_label_waitcheck,
13941c3f91cdSRobert Watson 	.mpo_init_mbuf_label = stub_init_label_waitcheck,
13951c3f91cdSRobert Watson 	.mpo_init_mount_label = stub_init_label,
13961c3f91cdSRobert Watson 	.mpo_init_mount_fs_label = stub_init_label,
13971c3f91cdSRobert Watson 	.mpo_init_pipe_label = stub_init_label,
139852648411SRobert Watson 	.mpo_init_posix_sem_label = stub_init_label,
13991c3f91cdSRobert Watson 	.mpo_init_socket_label = stub_init_label_waitcheck,
14001c3f91cdSRobert Watson 	.mpo_init_socket_peer_label = stub_init_label_waitcheck,
14011c3f91cdSRobert Watson 	.mpo_init_vnode_label = stub_init_label,
14021c3f91cdSRobert Watson 	.mpo_destroy_bpfdesc_label = stub_destroy_label,
14031c3f91cdSRobert Watson 	.mpo_destroy_cred_label = stub_destroy_label,
14041c3f91cdSRobert Watson 	.mpo_destroy_devfsdirent_label = stub_destroy_label,
14051c3f91cdSRobert Watson 	.mpo_destroy_ifnet_label = stub_destroy_label,
1406a557af22SRobert Watson 	.mpo_destroy_inpcb_label = stub_destroy_label,
1407ba53d9c9SRobert Watson 	.mpo_destroy_sysv_msgmsg_label = stub_destroy_label,
1408ba53d9c9SRobert Watson 	.mpo_destroy_sysv_msgqueue_label = stub_destroy_label,
14093831e7d7SRobert Watson 	.mpo_destroy_sysv_sem_label = stub_destroy_label,
1410ba53d9c9SRobert Watson 	.mpo_destroy_sysv_shm_label = stub_destroy_label,
14111c3f91cdSRobert Watson 	.mpo_destroy_ipq_label = stub_destroy_label,
14121c3f91cdSRobert Watson 	.mpo_destroy_mbuf_label = stub_destroy_label,
14131c3f91cdSRobert Watson 	.mpo_destroy_mount_label = stub_destroy_label,
14141c3f91cdSRobert Watson 	.mpo_destroy_mount_fs_label = stub_destroy_label,
14151c3f91cdSRobert Watson 	.mpo_destroy_pipe_label = stub_destroy_label,
141652648411SRobert Watson 	.mpo_destroy_posix_sem_label = stub_destroy_label,
14171c3f91cdSRobert Watson 	.mpo_destroy_socket_label = stub_destroy_label,
14181c3f91cdSRobert Watson 	.mpo_destroy_socket_peer_label = stub_destroy_label,
14191c3f91cdSRobert Watson 	.mpo_destroy_vnode_label = stub_destroy_label,
142056d9e932SRobert Watson 	.mpo_copy_cred_label = stub_copy_label,
14212220907bSRobert Watson 	.mpo_copy_ifnet_label = stub_copy_label,
14220196273bSRobert Watson 	.mpo_copy_mbuf_label = stub_copy_label,
14230196273bSRobert Watson 	.mpo_copy_pipe_label = stub_copy_label,
1424b0323ea3SRobert Watson 	.mpo_copy_socket_label = stub_copy_label,
14250196273bSRobert Watson 	.mpo_copy_vnode_label = stub_copy_label,
14261c3f91cdSRobert Watson 	.mpo_externalize_cred_label = stub_externalize_label,
14271c3f91cdSRobert Watson 	.mpo_externalize_ifnet_label = stub_externalize_label,
14281c3f91cdSRobert Watson 	.mpo_externalize_pipe_label = stub_externalize_label,
14291c3f91cdSRobert Watson 	.mpo_externalize_socket_label = stub_externalize_label,
14301c3f91cdSRobert Watson 	.mpo_externalize_socket_peer_label = stub_externalize_label,
14311c3f91cdSRobert Watson 	.mpo_externalize_vnode_label = stub_externalize_label,
14321c3f91cdSRobert Watson 	.mpo_internalize_cred_label = stub_internalize_label,
14331c3f91cdSRobert Watson 	.mpo_internalize_ifnet_label = stub_internalize_label,
14341c3f91cdSRobert Watson 	.mpo_internalize_pipe_label = stub_internalize_label,
14351c3f91cdSRobert Watson 	.mpo_internalize_socket_label = stub_internalize_label,
14361c3f91cdSRobert Watson 	.mpo_internalize_vnode_label = stub_internalize_label,
14371c3f91cdSRobert Watson 	.mpo_associate_vnode_devfs = stub_associate_vnode_devfs,
14381c3f91cdSRobert Watson 	.mpo_associate_vnode_extattr = stub_associate_vnode_extattr,
14391c3f91cdSRobert Watson 	.mpo_associate_vnode_singlelabel = stub_associate_vnode_singlelabel,
14401c3f91cdSRobert Watson 	.mpo_create_devfs_device = stub_create_devfs_device,
14411c3f91cdSRobert Watson 	.mpo_create_devfs_directory = stub_create_devfs_directory,
14421c3f91cdSRobert Watson 	.mpo_create_devfs_symlink = stub_create_devfs_symlink,
1443ba53d9c9SRobert Watson 	.mpo_create_sysv_msgmsg = stub_create_sysv_msgmsg,
1444ba53d9c9SRobert Watson 	.mpo_create_sysv_msgqueue = stub_create_sysv_msgqueue,
14453831e7d7SRobert Watson 	.mpo_create_sysv_sem = stub_create_sysv_sem,
1446ba53d9c9SRobert Watson 	.mpo_create_sysv_shm = stub_create_sysv_shm,
14471c3f91cdSRobert Watson 	.mpo_create_vnode_extattr = stub_create_vnode_extattr,
14481c3f91cdSRobert Watson 	.mpo_create_mount = stub_create_mount,
14491c3f91cdSRobert Watson 	.mpo_relabel_vnode = stub_relabel_vnode,
14501c3f91cdSRobert Watson 	.mpo_setlabel_vnode_extattr = stub_setlabel_vnode_extattr,
14511c3f91cdSRobert Watson 	.mpo_update_devfsdirent = stub_update_devfsdirent,
14521c3f91cdSRobert Watson 	.mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket,
14531c3f91cdSRobert Watson 	.mpo_create_pipe = stub_create_pipe,
145452648411SRobert Watson 	.mpo_create_posix_sem = stub_create_posix_sem,
14551c3f91cdSRobert Watson 	.mpo_create_socket = stub_create_socket,
14561c3f91cdSRobert Watson 	.mpo_create_socket_from_socket = stub_create_socket_from_socket,
14571c3f91cdSRobert Watson 	.mpo_relabel_pipe = stub_relabel_pipe,
14581c3f91cdSRobert Watson 	.mpo_relabel_socket = stub_relabel_socket,
14591c3f91cdSRobert Watson 	.mpo_set_socket_peer_from_mbuf = stub_set_socket_peer_from_mbuf,
14601c3f91cdSRobert Watson 	.mpo_set_socket_peer_from_socket = stub_set_socket_peer_from_socket,
14611c3f91cdSRobert Watson 	.mpo_create_bpfdesc = stub_create_bpfdesc,
14621c3f91cdSRobert Watson 	.mpo_create_ifnet = stub_create_ifnet,
1463a557af22SRobert Watson 	.mpo_create_inpcb_from_socket = stub_create_inpcb_from_socket,
14641c3f91cdSRobert Watson 	.mpo_create_ipq = stub_create_ipq,
14651c3f91cdSRobert Watson 	.mpo_create_datagram_from_ipq = stub_create_datagram_from_ipq,
14661c3f91cdSRobert Watson 	.mpo_create_fragment = stub_create_fragment,
14672d92ec98SRobert Watson 	.mpo_create_mbuf_from_inpcb = stub_create_mbuf_from_inpcb,
14681c3f91cdSRobert Watson 	.mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer,
14691c3f91cdSRobert Watson 	.mpo_create_mbuf_from_bpfdesc = stub_create_mbuf_from_bpfdesc,
14701c3f91cdSRobert Watson 	.mpo_create_mbuf_from_ifnet = stub_create_mbuf_from_ifnet,
14711c3f91cdSRobert Watson 	.mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap,
14721c3f91cdSRobert Watson 	.mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer,
14731c3f91cdSRobert Watson 	.mpo_fragment_match = stub_fragment_match,
147464f00af8SRobert Watson 	.mpo_reflect_mbuf_icmp = stub_reflect_mbuf_icmp,
147564f00af8SRobert Watson 	.mpo_reflect_mbuf_tcp = stub_reflect_mbuf_tcp,
14761c3f91cdSRobert Watson 	.mpo_relabel_ifnet = stub_relabel_ifnet,
14771c3f91cdSRobert Watson 	.mpo_update_ipq = stub_update_ipq,
1478a557af22SRobert Watson 	.mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel,
14791c3f91cdSRobert Watson 	.mpo_execve_transition = stub_execve_transition,
14801c3f91cdSRobert Watson 	.mpo_execve_will_transition = stub_execve_will_transition,
14811c3f91cdSRobert Watson 	.mpo_create_proc0 = stub_create_proc0,
14821c3f91cdSRobert Watson 	.mpo_create_proc1 = stub_create_proc1,
14831c3f91cdSRobert Watson 	.mpo_relabel_cred = stub_relabel_cred,
14841c3f91cdSRobert Watson 	.mpo_thread_userret = stub_thread_userret,
1485ba53d9c9SRobert Watson 	.mpo_cleanup_sysv_msgmsg = stub_cleanup_sysv_msgmsg,
1486ba53d9c9SRobert Watson 	.mpo_cleanup_sysv_msgqueue = stub_cleanup_sysv_msgqueue,
14873831e7d7SRobert Watson 	.mpo_cleanup_sysv_sem = stub_cleanup_sysv_sem,
1488ba53d9c9SRobert Watson 	.mpo_cleanup_sysv_shm = stub_cleanup_sysv_shm,
14891c3f91cdSRobert Watson 	.mpo_check_bpfdesc_receive = stub_check_bpfdesc_receive,
14901c3f91cdSRobert Watson 	.mpo_check_cred_relabel = stub_check_cred_relabel,
14911c3f91cdSRobert Watson 	.mpo_check_cred_visible = stub_check_cred_visible,
14921c3f91cdSRobert Watson 	.mpo_check_ifnet_relabel = stub_check_ifnet_relabel,
14931c3f91cdSRobert Watson 	.mpo_check_ifnet_transmit = stub_check_ifnet_transmit,
1494a557af22SRobert Watson 	.mpo_check_inpcb_deliver = stub_check_inpcb_deliver,
1495ba53d9c9SRobert Watson 	.mpo_check_sysv_msgmsq = stub_check_sysv_msgmsq,
1496ba53d9c9SRobert Watson 	.mpo_check_sysv_msgrcv = stub_check_sysv_msgrcv,
1497ba53d9c9SRobert Watson 	.mpo_check_sysv_msgrmid = stub_check_sysv_msgrmid,
1498ba53d9c9SRobert Watson 	.mpo_check_sysv_msqget = stub_check_sysv_msqget,
1499ba53d9c9SRobert Watson 	.mpo_check_sysv_msqsnd = stub_check_sysv_msqsnd,
1500ba53d9c9SRobert Watson 	.mpo_check_sysv_msqrcv = stub_check_sysv_msqrcv,
1501ba53d9c9SRobert Watson 	.mpo_check_sysv_msqctl = stub_check_sysv_msqctl,
1502ba53d9c9SRobert Watson 	.mpo_check_sysv_semctl = stub_check_sysv_semctl,
1503ba53d9c9SRobert Watson 	.mpo_check_sysv_semget = stub_check_sysv_semget,
1504ba53d9c9SRobert Watson 	.mpo_check_sysv_semop = stub_check_sysv_semop,
1505ba53d9c9SRobert Watson 	.mpo_check_sysv_shmat = stub_check_sysv_shmat,
1506ba53d9c9SRobert Watson 	.mpo_check_sysv_shmctl = stub_check_sysv_shmctl,
1507ba53d9c9SRobert Watson 	.mpo_check_sysv_shmdt = stub_check_sysv_shmdt,
1508ba53d9c9SRobert Watson 	.mpo_check_sysv_shmget = stub_check_sysv_shmget,
15091c3f91cdSRobert Watson 	.mpo_check_kenv_dump = stub_check_kenv_dump,
15101c3f91cdSRobert Watson 	.mpo_check_kenv_get = stub_check_kenv_get,
15111c3f91cdSRobert Watson 	.mpo_check_kenv_set = stub_check_kenv_set,
15121c3f91cdSRobert Watson 	.mpo_check_kenv_unset = stub_check_kenv_unset,
15131c3f91cdSRobert Watson 	.mpo_check_kld_load = stub_check_kld_load,
15141c3f91cdSRobert Watson 	.mpo_check_kld_stat = stub_check_kld_stat,
15151c3f91cdSRobert Watson 	.mpo_check_kld_unload = stub_check_kld_unload,
15161c3f91cdSRobert Watson 	.mpo_check_mount_stat = stub_check_mount_stat,
15171c3f91cdSRobert Watson 	.mpo_check_pipe_ioctl = stub_check_pipe_ioctl,
15181c3f91cdSRobert Watson 	.mpo_check_pipe_poll = stub_check_pipe_poll,
15191c3f91cdSRobert Watson 	.mpo_check_pipe_read = stub_check_pipe_read,
15201c3f91cdSRobert Watson 	.mpo_check_pipe_relabel = stub_check_pipe_relabel,
15211c3f91cdSRobert Watson 	.mpo_check_pipe_stat = stub_check_pipe_stat,
15221c3f91cdSRobert Watson 	.mpo_check_pipe_write = stub_check_pipe_write,
152352648411SRobert Watson 	.mpo_check_posix_sem_destroy = stub_check_posix_sem_destroy,
152452648411SRobert Watson 	.mpo_check_posix_sem_getvalue = stub_check_posix_sem_getvalue,
152552648411SRobert Watson 	.mpo_check_posix_sem_open = stub_check_posix_sem_open,
152652648411SRobert Watson 	.mpo_check_posix_sem_post = stub_check_posix_sem_post,
152752648411SRobert Watson 	.mpo_check_posix_sem_unlink = stub_check_posix_sem_unlink,
152852648411SRobert Watson 	.mpo_check_posix_sem_wait = stub_check_posix_sem_wait,
15291c3f91cdSRobert Watson 	.mpo_check_proc_debug = stub_check_proc_debug,
15301c3f91cdSRobert Watson 	.mpo_check_proc_sched = stub_check_proc_sched,
1531030a28b3SRobert Watson 	.mpo_check_proc_setuid = stub_check_proc_setuid,
1532030a28b3SRobert Watson 	.mpo_check_proc_seteuid = stub_check_proc_seteuid,
1533030a28b3SRobert Watson 	.mpo_check_proc_setgid = stub_check_proc_setgid,
1534030a28b3SRobert Watson 	.mpo_check_proc_setegid = stub_check_proc_setegid,
1535030a28b3SRobert Watson 	.mpo_check_proc_setgroups = stub_check_proc_setgroups,
1536030a28b3SRobert Watson 	.mpo_check_proc_setreuid = stub_check_proc_setreuid,
1537030a28b3SRobert Watson 	.mpo_check_proc_setregid = stub_check_proc_setregid,
1538030a28b3SRobert Watson 	.mpo_check_proc_setresuid = stub_check_proc_setresuid,
1539030a28b3SRobert Watson 	.mpo_check_proc_setresgid = stub_check_proc_setresgid,
15401c3f91cdSRobert Watson 	.mpo_check_proc_signal = stub_check_proc_signal,
1541babe9a2bSRobert Watson 	.mpo_check_proc_wait = stub_check_proc_wait,
15427f53207bSRobert Watson 	.mpo_check_socket_accept = stub_check_socket_accept,
15431c3f91cdSRobert Watson 	.mpo_check_socket_bind = stub_check_socket_bind,
15441c3f91cdSRobert Watson 	.mpo_check_socket_connect = stub_check_socket_connect,
15456758f88eSRobert Watson 	.mpo_check_socket_create = stub_check_socket_create,
15461c3f91cdSRobert Watson 	.mpo_check_socket_deliver = stub_check_socket_deliver,
15471c3f91cdSRobert Watson 	.mpo_check_socket_listen = stub_check_socket_listen,
15487f53207bSRobert Watson 	.mpo_check_socket_poll = stub_check_socket_poll,
15497f53207bSRobert Watson 	.mpo_check_socket_receive = stub_check_socket_receive,
15501c3f91cdSRobert Watson 	.mpo_check_socket_relabel = stub_check_socket_relabel,
15517f53207bSRobert Watson 	.mpo_check_socket_send = stub_check_socket_send,
15527f53207bSRobert Watson 	.mpo_check_socket_stat = stub_check_socket_stat,
15531c3f91cdSRobert Watson 	.mpo_check_socket_visible = stub_check_socket_visible,
15541c3f91cdSRobert Watson 	.mpo_check_sysarch_ioperm = stub_check_sysarch_ioperm,
15551c3f91cdSRobert Watson 	.mpo_check_system_acct = stub_check_system_acct,
15561c3f91cdSRobert Watson 	.mpo_check_system_reboot = stub_check_system_reboot,
15571c3f91cdSRobert Watson 	.mpo_check_system_settime = stub_check_system_settime,
15581c3f91cdSRobert Watson 	.mpo_check_system_swapon = stub_check_system_swapon,
15591c3f91cdSRobert Watson 	.mpo_check_system_swapoff = stub_check_system_swapoff,
15601c3f91cdSRobert Watson 	.mpo_check_system_sysctl = stub_check_system_sysctl,
15611c3f91cdSRobert Watson 	.mpo_check_vnode_access = stub_check_vnode_access,
15621c3f91cdSRobert Watson 	.mpo_check_vnode_chdir = stub_check_vnode_chdir,
15631c3f91cdSRobert Watson 	.mpo_check_vnode_chroot = stub_check_vnode_chroot,
15641c3f91cdSRobert Watson 	.mpo_check_vnode_create = stub_check_vnode_create,
15651c3f91cdSRobert Watson 	.mpo_check_vnode_delete = stub_check_vnode_delete,
15661c3f91cdSRobert Watson 	.mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl,
156764f00af8SRobert Watson 	.mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr,
15681c3f91cdSRobert Watson 	.mpo_check_vnode_exec = stub_check_vnode_exec,
15691c3f91cdSRobert Watson 	.mpo_check_vnode_getacl = stub_check_vnode_getacl,
15701c3f91cdSRobert Watson 	.mpo_check_vnode_getextattr = stub_check_vnode_getextattr,
15711c3f91cdSRobert Watson 	.mpo_check_vnode_link = stub_check_vnode_link,
157264f00af8SRobert Watson 	.mpo_check_vnode_listextattr = stub_check_vnode_listextattr,
15731c3f91cdSRobert Watson 	.mpo_check_vnode_lookup = stub_check_vnode_lookup,
15741c3f91cdSRobert Watson 	.mpo_check_vnode_mmap = stub_check_vnode_mmap,
15751c3f91cdSRobert Watson 	.mpo_check_vnode_open = stub_check_vnode_open,
15761c3f91cdSRobert Watson 	.mpo_check_vnode_poll = stub_check_vnode_poll,
15771c3f91cdSRobert Watson 	.mpo_check_vnode_read = stub_check_vnode_read,
15781c3f91cdSRobert Watson 	.mpo_check_vnode_readdir = stub_check_vnode_readdir,
15791c3f91cdSRobert Watson 	.mpo_check_vnode_readlink = stub_check_vnode_readlink,
15801c3f91cdSRobert Watson 	.mpo_check_vnode_relabel = stub_check_vnode_relabel,
15811c3f91cdSRobert Watson 	.mpo_check_vnode_rename_from = stub_check_vnode_rename_from,
15821c3f91cdSRobert Watson 	.mpo_check_vnode_rename_to = stub_check_vnode_rename_to,
15831c3f91cdSRobert Watson 	.mpo_check_vnode_revoke = stub_check_vnode_revoke,
15841c3f91cdSRobert Watson 	.mpo_check_vnode_setacl = stub_check_vnode_setacl,
15851c3f91cdSRobert Watson 	.mpo_check_vnode_setextattr = stub_check_vnode_setextattr,
15861c3f91cdSRobert Watson 	.mpo_check_vnode_setflags = stub_check_vnode_setflags,
15871c3f91cdSRobert Watson 	.mpo_check_vnode_setmode = stub_check_vnode_setmode,
15881c3f91cdSRobert Watson 	.mpo_check_vnode_setowner = stub_check_vnode_setowner,
15891c3f91cdSRobert Watson 	.mpo_check_vnode_setutimes = stub_check_vnode_setutimes,
15901c3f91cdSRobert Watson 	.mpo_check_vnode_stat = stub_check_vnode_stat,
15911c3f91cdSRobert Watson 	.mpo_check_vnode_write = stub_check_vnode_write,
1592403b781eSRobert Watson 	.mpo_priv_check = stub_priv_check,
1593403b781eSRobert Watson 	.mpo_priv_grant = stub_priv_grant,
1594d8a7b7a3SRobert Watson };
1595d8a7b7a3SRobert Watson 
15961c3f91cdSRobert Watson MAC_POLICY_SET(&mac_stub_ops, mac_stub, "TrustedBSD MAC/Stub",
1597740348c4SRobert Watson     MPC_LOADTIME_FLAG_UNLOADOK, NULL);
1598